Box, Dropbox, or drop both?

"There are four critical questions every enterprise and IT administrator should ask when considering file sharing services," says Adam Gordon, author of "Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press)." These include: Where will the service store and share files? Who will view the files? How will the service protect the files? And, what types of files will the service permit in the storage system? If a service provider doesn't respond satisfactorily, CISOs should consider their options.

CSO decided to measure the security of Box and Dropbox using these questions. Does either meet enterprise security standards for cloud-based file sharing? Judge, dear reader, how each application stands up under scrutiny.

File storage requirements

File sharing services store data outside corporate IT where enterprises can lose control of it. Enterprises cannot ensure service up time, file availability, or even that the service will not shutdown altogether.

"This exact circumstance left customers of the Megaupload file sharing service virtually stranded, without access to files in the service's cloud environment, regardless of their legitimate and proper use of the service," says Gordon. These situations leave customers wondering who has access to their files and whether someone will delete them.

Box assures enterprise customers with an SLA guarantee of 99.9% uptime, maintaining that uptime in several ways and offering customer account credits where it fails. "First, we have a single infrastructure serving all our customers at all paid levels. We deploy the highest quality networking and services at a much bigger scale, which allows us to offer enterprise protection more efficiently," says Grant Shirk, group product marketing manager, enterprise, Box.